Mobile: +61 (0) 414 488 851
Email: swilson@lockstep.com.au

Digital Identity (or something)

Lockstep's founder and Principal Stephen Wilson is a pioneer in what's called "digital identity". Lockstep Consulting provides cut-through strategy advice in all aspects of identity management.

Steve is a leading authority on what's generally called "digital identity" (though he works hard to find different words for this complicated branch of cybersecurity).

For over 23 years years he has helped organisations in government, healthcare and banking throughout the Asia Pacific establish effective authentication systems, with advice on strategy, architecture, policy, privacy, technology selection and governance. He has been a key player in Australia’s emerging national authentication frameworks, including the Gatekeeper PKI, the National Smartcard Framework, the National Electronic Authentication Council, and the Law Reform Commission's Emerging Technology Advisory Committee. And he has worked around the world on national authentication, in the US National Strategy for Trusted Identities in Cyberspace (NSTIC), the Kantara Initiative, the FIDO Alliance, the Open Identity Foundation, and government frameworks across Asia. Steve has published and spoken widely extensively on all issues to do with digital identity. He is one of the world's most original thinkers in the field.

"Steve is a one of kind deep thinker about complex technology and business problems and an innovative solution creator." -- Mark Bower, Vice President Product Development, Voltage Security.

"Stephen is a true thought-leader in Information Security, combining deep understanding of the technology with a balanced and pragmatic view of what will work commercially and in terms of user acceptance, based on many years of industry experience." -- Ian Christofis, Principal Consultant, Verizon Business.


In the late 1990s, after working on several pioneering PKI projects, Steve realised that online authentication was really more about credentials and relationships than identity per se; see for example his presentation to the Information Outlook '98 Conference in Canberra. From that time onwards he has pioneered digital credential governance and technologies, to improve the security of online transactions, the autonomy of businesses and the privacy of users. In 2003 he published a detailed healthcare credentialing system for the American Bar Association. Over 2004 and 2005 he was retained by the Australian Government Information Management Office (AGIMO) to reform the federal Gatekeeper PKI framework. There he introduced Relationship Certificates, and subsequently piloted them with Medicare Australia. He worked out the fundamental liability arrangements for healthcare professional digital credentials with Medicare’s legal counsel, and drafted Medicare’s Relationship Certificate Policies which remain in use today.

Over 2005 to 2007 Steve was retained by several leading federated identity programs. He developed the SAML architecture for the Internet Industry Association’s proposed industry based authentication hub; he researched the digital identity marketplace and drafted the smartcard marketing strategy for the Trust Centre inter-bank federation; and he was the authentication subject matter expert on a business case review of the Commonwealth’s VANguard credential management infrastructure. Internationally, Steve has provided formative strategic advice on authentication to the governments of Hong Kong, New Zealand, Malaysia, Indonesia, Singapore, Kazakhstan and Macau, and to the eASEAN secretariat. For many years he sat on the APEC eAuthentation Task Group, and was a major contributor to APEC's Electronic Authentication: Issues Relating to Its Selection and Use (2003). He was a ministerial appointment to Australia’s National Electronic Authentication Council (NEAC), he represented OASIS at the Asia PKI Forum, and he chaired the international OASIS PKI Adoption Technical Committee.

Steve has drawn together two decades of experience to publish a definitive new ecological theory of federated identity – including one of the world’s few critical post mortems of CardSpace – which he presented at the AusCERT 2011 information security conference. Through 2013 he presented his ecological analysis to MIT's "iauth" legal hackathon, and the Cloud Identity Summit. In 2017 he started a PhD within the Australian Defence Force Academy (UNSW Canberra) to test and refine this theory.

Steve is currently active in several private and public sector identity projects. He makes regular public contributions to Australia’s emerging Trusted Digital Identity Framework (TDIF) and the US National Strategy for Trusted Identities in Cyberspace (NSTIC), amongst others. He also conducts independent R&D within Lockstep Technologies on Privacy Enhancing Technologies, and has been awarded several patents. Lockstep Technologies is the only Australian company to be awarded an Identity & Privacy R&D contract with the US Department of Homeland Security.

Since 2015, Steve has been a judge in the Identity category of the Mobile World Congress "Glomo Awards" for mobile technology innovation, and Privacy Track Chair for the Cloud Identity Summit (now known as Identiverse), one of the world's leading IDAM industry events.

In December 2016, Innovate Identity named Steve in the top 10 of The Most Influential Thought Leaders in Digital Identity. In January 2017, One World Identity named Steve as one of the Top 100 Leaders in Identity.


Lockstep's digital identity clients include the New South Wales Digital Driver Licence, the Australian Payments Network, the Digital Transformation Agency, the Attorney-General’s Face Verification Service, the FIDO Alliance, NSTIC, Australia Post Digital iD, Service NSW, Service Victoria, the Open Identity Foundation, the Internet Society, the Biometrics Institute, Aetna, the National Authentication Service for Health, Project Gatekeeper, the South Australia Health PKI, the Victorian state citizen authentication strategy, the Australian Privacy Commissioner, the Australian banking industry's Trust Centre, IBM, Infosys, Persistent Systems, and the US digital identity start-ups, Confyrm, Queralt and Evernym.

We have been principal advisers on national identity frameworks to the governments of Australia, Hong Kong, Indonesia, Kazahkstan, Macau, Malaysia, New Zealand and Singapore, as well as APEC and ASEAN.

A capability statement with further client details are available below.